Clients turn to us to help them assess their information systems’ security risks and to design solutions that keep data safe. We help organizations manage risk, secure IT assets, and meet government compliance obligations.

DFARS Clause 252.204-7012, NIST 800-171 Compliance

On January 21, 2019, Ellen Lord (Under Secretary of Defense for Acquisition and Sustainment) issued a memorandum focused on assessing contractor compliance with the DFARS cyber clause through audits. Compliance with DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, has been mandatory for several years. Auditing and enforcement of these standards among subcontractors has been inconsistent or nonexistent.

Multiple stakeholders are forcing Department of Defense (DoD) contractors to demonstrate compliance, including their customers, primes, the Defense Contract Management Agency (DCMA) and the Defense Security Service (DSS). The DCMA audits focus on the contractor's oversight of its first tier, which can include first-tier subcontractors, vendors and suppliers. Additionally, in May 2018 DSS was directed to execute an operational plan for oversight of Controlled Unclassified Information (CUI) protection through collaboration with industry partners across the Defense Industrial Base (DIB).

Soon the entire DoD supply chain must document, implement and provide evidence of NIST 800-171 compliance. Delaying compliance is no longer an option if you plan to do business with the DoD or any DoD contractors.